Secret Scanner
Scan code and config for API keys, tokens, private keys, and connection strings before pasting it into an AI tool. Runs in your browser.
It checks your code for passwords and keys before you share it with an AI.
What this tool does
Pasting code into a chat or agent can leak credentials. This scanner runs fixed regex patterns for AWS keys, OpenAI and Anthropic tokens, GitHub PATs, JWTs, private key blocks, and database connection strings. Everything runs locally; nothing you paste leaves the browser.
- Check a file before pasting it into ChatGPT or Claude
- Find hardcoded credentials in config and env files
- Review a snippet for leaks before posting it publicly
Input exceeds 200,000 characters. Only the first 200k is scanned.
Regex-based scanning catches known formats only. High-entropy custom secrets can slip through.
Paste text above to scan for known secret patterns.
No known secret patterns found. Absence of findings is not proof your text is safe. Custom or rotated secrets may not match these patterns.
· high · medium
| Line | Type | Severity | Match |
|---|---|---|---|
|
Rotate the credential immediately, remove it from the code or config,
and add the file to your AI ignore list so agents do not read it
again. Use the
AI ignore file generator
to build a .cursorignore or similar file for your stack.
Nothing leaves your browser. This scanner runs entirely on your device. Pasted code, logs, and config are never uploaded, logged, or sent to any server. You can disconnect from the network and it still works.
Before you paste code into ChatGPT, Cursor, Claude, or any other AI tool, scan it for credentials. This tool matches fixed patterns for AWS keys, OpenAI and Anthropic tokens, GitHub and Slack tokens, Stripe keys, Google API keys, JWTs, private key blocks, database URLs with credentials, and common assignment syntax.
Matches are masked in the results table so you can confirm the finding without exposing the full value on screen. Regex detection is not exhaustive: short custom secrets, encrypted blobs, and rotated formats may not match. Treat a clean scan as one check in a longer safety workflow, not a guarantee.